3 min read

OOPS Report H2-2025: AI and automation are driving cyberattacks

Picture of Timo Imbrogno Timo Imbrogno : Updated on March 11, 2026

Press release

5:38

OOPS H2-2025 Report

Ransomware and data theft dominate cyber attacks

RIEDEL Networks analyses over 150 IT security incidents in the second half of 2025 and shows an increasing professionalization of attacks - reinforced by AI, automated attack chains and data-driven extortion models

Butzbach, 10 March 2026 - RIEDEL Networks, provider of tailored IT security and network services, has published its latest report with over 150 documented IT security incidents from the second half of 2025. The analysis shows a clear trend: cyberattacks are becoming more professionally organized, more automated and are increasingly causing operational and economic damage. At the same time, experts assume a significantly higher number of unreported cases, as many incidents remain undetected or are not reported publicly.

The report reveals recurring structural weaknesses in many organizations - such as a lack of network segmentation, inadequate monitoring and outdated authorization structures. Many incidents also reveal fundamental deficits in modern security architectures. Although companies often have individual protection mechanisms in place, there is often a lack of end-to-end monitoring and a coordinated security strategy.

Cyber criminals are increasingly exploiting these vulnerabilities strategically. They are increasingly relying on AI-supported social engineering, automated scouting and attacks along digital supply chains. At the same time, leak sites, fixed deadlines and targeted psychological pressure are increasing the pressure to blackmail affected organizations. Supported by automated attack chains, such campaigns now affect a wide range of industries and can have a significant impact on operations and reputation.

"Cyberattacks are increasingly becoming business-critical events with immediate financial and strategic consequences," says Michael Martens, CEO of RIEDEL Networks. "The biggest threat is not just the attack itself, but how long it remains undetected. Companies must therefore consistently focus their security strategy on detection, response and sustainable resilience."

Key findings of the report:

Ransomware remains the dominant form of attack: at 32.5%, the proportion is falling slightly (38% in H1-2025), but it remains one of the most common methods. It is increasingly being supplemented by targeted data theft (33.4%), while classic categories such as security breaches or DDoS are becoming less important.

Cybercriminals dominate the attacker picture: At 86.95%, financially motivated cybercriminals remain by far the largest group of attackers (71% in H1-2025), while state actors, hacktivists and insiders are much less common.
Industry, IT service providers and retail particularly affected: Attacks are increasingly concentrated in industry (34.6 percent; 26 percent in H1-2025), IT (21 percent; 18 percent in H1-2025) and retail (17.9 percent; 14 percent in H1-2025). By contrast, the public sector is losing share, while areas such as events & media and education & research are becoming more visible.
Data-driven attacks are on the rise: Cyber criminals are increasingly focusing on large-volume data exfiltrations in the three-digit gigabyte to terabyte range. Stolen data is used as a blackmail tool via leak sites and increases the economic and reputational damage for affected organizations.

The report classifies the resulting areas of damage and helps companies to classify current developments, identify recurring vulnerabilities and strengthen their cyber resilience in a targeted manner. The growing use of artificial intelligence is having a particularly significant impact on the current threat landscape. While AI is accelerating business processes, it is also changing the dynamics of cyber attacks. These are becoming more automated, more personalized and more difficult to detect. The consequences range from business interruptions and reputational damage to regulatory pressure and loss of trust among customers and investors. This makes it all the more important for companies to continuously review their security architectures and make them resilient in the long term.

The aim of the report is not to publicly name affected companies. Instead, patterns, causes and effects of the incidents are evaluated in order to derive specific recommendations for action and best practices. For this reason, RIEDEL Networks does not name individual companies.

The complete OOPS Report H2-2025 is now available for download here.

About RIEDEL Networks

RIEDEL Networks is a privately held, global network provider focused on customized networks. We are listed in the Gartner Magic Quadrant for Global WAN Services as a niche provider specializing in mid-sized international enterprises and the media and events sector. With our own global backbone, we help companies to be connected worldwide. Our services include internet connectivity, MPLS, SD-WAN, SASE, Cloud Connect, security and much more. Our customers come from various industries and value quality, security and reliability. RIEDEL Networks is a 100% company of the RIEDEL Communications Group in Wuppertal, Germany, and is fully privately owned by Thomas Riedel.